Useful Info

How to change the Admin URL?

Edit the application/config/constants.php file using FTP and change line number 97.

Replace 'admin' with your string (e.g. 'restrictedArea').


defined('SITE_AREA') || define('SITE_AREA', 'admin');


defined('SITE_AREA') || define('SITE_AREA', 'restrictedArea');

Also rename the application/controllers/admin folder with your string name (e.g. 'application/controllers/restrictedArea').

Login to the Admin Panel, go to Settings->Roles, and edit each role. If the Login Destination field has the admin string, replace it with your string name.

E.g. In the Vendor role, replace admin/components/products/manage/products with restrictedArea/components/products/manage/products

An extra step to protect your website from hacking via .htaccess file

Edit the public_html/.htaccess file and paste the code below at the top of the .htaccess file.

# Disable script execution
AddHandler cgi-script .pl .jsp .asp .sh .cgi .alfa .py .php5 .php4 .php3 .php2
Options -ExecCGI
# Allow only index.php file to execute
<Files *.php>
    Order Deny,Allow
    Deny from all
    Allow from
<Files index.php>
    Order Allow,Deny
    Allow from all

The code above will disable the execution of all scripts except php files. Only index.php will be accessible.

Deny direct access to all .php files except index.php in the public_html folder. Paste the below code after the RewriteEngine On as follows:

RewriteEngine On
# Deny direct access to all .php files except index.php
RewriteRule ^(?!(/<ROOTPATH>/public_html/)?index\.php$).+?\.php$ - [F,NC]

Don't forget to replace the ROOTPATH with your hosting server path. e.g. home/directory

How to Force Redirect HTTP to HTTPS by Editing .htaccess File?

Install SSL certificate on your Hosting Panel. After installation of SSL, edit the public_html/.htaccess file. You can edit this file via FTP or cPanel File Manager. The next step involves htaccess redirects to https in Apache or NGINX.

Insert this code to the .htaccess file after RewriteEngine On to force all web traffic to use HTTPS. 

RewriteEngine on
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]
GoDaddy Hosting
 RewriteEngine On 
RewriteCond %{SERVER_PORT} 80
RewriteCond %{HTTP_HOST} ^(www\.)?YOURDOMAINNAME\.com
RewriteRule ^(.*)$$1 [R,L]

How to change Favicon for your website?

The favicon.ico file is typically a simple 16x16 image, visible in the browser title bar. To replace this image, simply do the following:

Create a "favicon.ico" file from your preferred image. You can use an image editing tool—such as Adobe Photoshop, GIMP, MS Paint, etc. to create your image. Once the image is ready in PNG/JPG format, use online sites to convert it to a favicon.

You can also design an icon online at

You can also download one from

Upload the image to public_html/assets/images folder of your website. You can also replace the image through the Admin Panel via Settings->File Manager.


We do not use any cookies, however, eComsta is developed using Codeigniter Framework and it uses some cookies (e.g. ci_csrf_token, bf_session) for data storage. We cannot disable this behavior, please update this information in your Terms & Conditions policy.

_ga and _gid

In order for Google Analytics to determine that two distinct hits belong to the same user, a unique identifier, associated with that particular user, must be sent with each hit. For this purpose, Google Analytics uses a single, first-party cookie named _ga to store the Client ID. The Client ID is a randomly generated string that gets stored in the browsers cookies, so subsequent visits to the same site can be associated with the same user.


The session class stores session information for each user as serialized (and optionally encrypted) data in this cookie. This is used to maintain a user's "state" and track your user's activity while they browse your site.


Used for input data security. It prevents site attacks in which a malicious entity tricks a victim into performing actions on behalf of the attacker.

How To Add A Cookie Consent?

Use the following free script from

Add the following code in the header of your website, just before the </head> tag.

Use FTP and insert the code in the public_html/themes/default/_header.php file before the </head> tag.

For help and additional options see the documentation.

<link rel="stylesheet" type="text/css" href="//" />
<script src="//"></script>
window.addEventListener("load", function(){
  "palette": {
    "popup": {
      "background": "#eaf7f7",
      "text": "#5c7291"
    "button": {
      "background": "#56cbdb",
      "text": "#ffffff"
  "theme": "classic",
  "position": "bottom-right",
  "content": {
    "message": "This website uses cookies.",

How to generate Google Captcha Keys?

Login with your Gmail account and visit

  • Enter a Label e.g. ecomsta.
  • Select reCAPTCHA v2 as the reCAPTCHA type.
  • Enter your website URL in the Domains field (e.g., and click the plus icon. 
  • Accept the reCAPTCHA Terms of Service checkbox and click the SUBMIT button.
  • Copy your keys.
  • Visit Settings->Settings->Security tab and enter the copied keys in the Recaptcha Site Key and Recaptcha Secret Key fields.
  • Click the Save button.